hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-28 18:25:24 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add tornado source

Browse Source
This commit is contained in:
haby0
2021-07-05 10:42:15 +08:00
parent b866f1b21e
commit e8d0827916
5 changed files with 90 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

21
python/ql/src/experimental/Security/CWE-348/ClientSuppliedIpUsedInSecurityCheckLib.qll
View File

@@ -46,6 +46,27 @@ private class DjangoClientSuppliedIpUsedInSecurityCheck extends ClientSuppliedIp
}
}
private class TornadoClientSuppliedIpUsedInSecurityCheck extends ClientSuppliedIpUsedInSecurityCheck {
TornadoClientSuppliedIpUsedInSecurityCheck() {
exists(RemoteFlowSource rfs, DataFlow::LocalSourceNode lsn |
rfs.getSourceType() = "tornado.web.RequestHandler" and rfs.asCfgNode() = lsn.asCfgNode()
|
lsn.flowsTo(DataFlow::exprNode(this.getFunction()
.asExpr()
.(Attribute)
.getObject()
.(Attribute)
.getObject()
.(Attribute)
.getObject())) and
this.getFunction().asExpr().(Attribute).getName() in ["get", "get_list"] and
this.getFunction().asExpr().(Attribute).getObject().(Attribute).getName() = "headers" and
this.getArg(0).asCfgNode().getNode().(StrConst).getText().toLowerCase() =
clientIpParameterName()
)
}
}
private string clientIpParameterName() {
result in [
"x-forwarded-for", "x_forwarded_for", "x-real-ip", "x_real_ip", "proxy-client-ip",